North Korea Targets Macs with Fake Cryptocurency Trading Site and App

· · TMO Deals

North Korean hacking group “Lazarus Group” has been targeting Macs with a bit of fake website used to promote an open source app that served as a trojan horse. The fake site was called JMT Trading, and was designed to look like a trading platform. To use the trading platform, you had to download an app from Github, but even though the app was open source, it contained malware for Macs, with the whole scheme being part of North Korea’s efforts to steal Bitcoin. Check out Forbes‘s report:

The hackers may then go a step further by contacting administrators and users of cryptocurrency exchanges, asking them to test and review their new app, Wardle told Forbes. If they get lucky, they get a bit of leverage in an official cryptocurrency vendor and start infecting targets.

New York City Partners With Cellebrite to Hack iPhones

· · Link

Documents reveal that New York City law enforcement has a partnership with Cellebrite to hack iPhones.

Previously, if law enforcement wanted to get into newer devices, they had to send the phones to one of Cellebrite’s digital forensics labs, located in New Jersey and Virginia. But Cellebrite’s new UFED Premium program gave law enforcement the ability to “unlock and extract data from all iOS and high-end Android devices” on their own, using software installed on computers in their offices.

I’ve always wondered if eventually Apple will remove the Lightning port from the iPhone once wireless charging becomes the norm. Side effects may include better waterproofing and worsened hacking.

Microsoft says Iranian 'Phosphorus' Group Tried to Hack U.S. Presidential Campaign

· · Link

In a blog post today Microsoft says that Iranian hackers attacked a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.

Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials. Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them.

No word yet on what time President Trump asked Iran to interfere with our elections.

One Year Later: Bloomberg Hasn't Retracted its iCloud Spy Chip Story

· · Link

This story doesn’t need me piling on, but I think it’s astounding that a media organization with integrity, gravitas, etc. etc. still hasn’t retracted its debunked theory one year later. And the journalists who wrote the story are now in charge of Bloomberg‘s cybersecurity division. If by some miracle we learn that there really are spy chips I will most certainly apologize. But with zero evidence, I think that probability is low.

There’s been a lot of smoke, but no firings. Quite the opposite. It’s been a year since Bloomberg Businessweek published an extensively debunked story claiming that companies including Apple and Amazon had been hacked. Yet since then, all of Bloomberg‘s few responses and actions have only doubled down on how this publication lacks credibility on the topic.

Hacker Claims New 'checkm8' Exploit Can Lead to Permanent Jailbreak

· · Link

Twitter use axi0mX posted about how a new iOS exploit called checkm8 could lead to a “permanent unpatchable bootrom exploit” for iPhone 4s to iPhone X.

What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.

I’m sure governments around the world will be in touch.

White House Blocks Audit of its Offensive Hacking Strategy

· · Link

The White House is blocking an audit by Congress for its offensive hacking policy it has already used for cyberattacks against Russia and Iran.

The policy, which loosened the reins on military strikes against U.S. adversaries, has been withheld for more than a year from lawmakers — even those who regularly review classified material. Lawmakers from both parties are concerned the Trump administration could plunge the country into a cyberwar without congressional approval or oversight, or at the very least, provoke retaliation that causes serious damage at home.

The White House hacking strategy is: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.

Russian Confesses to JPMorgan Chase Hack

· · Link

Russian hacker in front of Russian flag

Russian national Adrei Tyurin confessed to the 2014 hacking of JPMorgan Chase which stole the data of over 80 million customers.

Tyurin carried out the hacks at the direction of co-conspirator Gery Shalon, who used the stolen data to further a variety of schemes, including securities fraud. One scheme involved artificially inflating the price of certain publicly traded stocks by marketing them in a deceptive and misleading manner to customers of companies Tyurin had hacked.

Def Con 2019 and Hacking iOS Contacts

· · Link

Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:

Documented In a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that has hasn’t been fixed four years after it was discovered…

They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.

Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.

News+: Don't Give Money to Ransomware Scammers

· · Link

In the latest issue of PCMag, Max Eddy writes that you shouldn’t give money to ransomware attackers when they ask.

First, most cyberattacks—including ransomware—don’t last long. The command and control servers that issue the unlock commands and receive payment can be found and taken offline…In either case, anyone who has been infected and not paid the ransom can no longer get their system unlocked, even if they pay.

This is why keeping several backups is important, one online, one offline. And keep your operating system up to date with the latest security patches and improvements.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

That Recent Data Breach Might Not Be Limited to Capital One

· · Link

The Capital One data breach might not have bene limited to the bank. Other companies could’ve been affected too, according to Slack messages from the hacker Paige Thompson.

Reports from Forbes and security reporter Brian Krebs indicating that Capital One may not have been the only company affected, pointing to “one of the world’s biggest telecom providers, an Ohio government body, and a major U.S. university,” according to Slack messages sent by the alleged hacker.

Krebs posted a screenshot of a list of files purportedly stolen by the alleged hacker. The stolen data contained filenames including car maker “Ford” and Italian financial services company “Unicredit.”

Capital One Hack Affects Credit Card Customers

· · Link

On July 19 Capital One found it had gotten hacked. The FBI arrested the hacker but 100 million U.S. customers are affected.

The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019. This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.

What angers me the most about this is the fact that I had to read the news to learn what happened. As a Capital One customer I feel I should’ve been notified by email. Customers affected by this will get an email but I want a notification email as well. Maybe I’ll get five bucks like those affected by Equifax.

NSO Group Tool Harvests Targeted iCloud Data

· · Link

Israel-based NSO Group claims it can harvest iCloud data in targeted attacks. It’s said to be a version of the Pegasus spyware.

Attackers using the malware are said to be able to access a wealth of private information, including the full history of a target’s location data and archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration.

When questioned by the newspaper, NSO denied promoting hacking or mass-surveillance tools for cloud services, but didn’t specifically deny that it had developed the capability described in the documents.